HBASE-13182 TestAccessController create/delete table is flaky
This commit is contained in:
parent
ce1a5eeda3
commit
52ff5485a8
|
@ -28,6 +28,7 @@ import java.security.PrivilegedExceptionAction;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
|
import java.util.concurrent.CountDownLatch;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
@ -35,14 +36,21 @@ import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hbase.Coprocessor;
|
import org.apache.hadoop.hbase.Coprocessor;
|
||||||
import org.apache.hadoop.hbase.HBaseTestingUtility;
|
import org.apache.hadoop.hbase.HBaseTestingUtility;
|
||||||
import org.apache.hadoop.hbase.HConstants;
|
import org.apache.hadoop.hbase.HConstants;
|
||||||
|
import org.apache.hadoop.hbase.HTableDescriptor;
|
||||||
|
import org.apache.hadoop.hbase.HRegionInfo;
|
||||||
import org.apache.hadoop.hbase.MiniHBaseCluster;
|
import org.apache.hadoop.hbase.MiniHBaseCluster;
|
||||||
import org.apache.hadoop.hbase.TableName;
|
import org.apache.hadoop.hbase.TableName;
|
||||||
|
import org.apache.hadoop.hbase.TableNotEnabledException;
|
||||||
import org.apache.hadoop.hbase.Waiter.Predicate;
|
import org.apache.hadoop.hbase.Waiter.Predicate;
|
||||||
import org.apache.hadoop.hbase.client.Connection;
|
import org.apache.hadoop.hbase.client.Connection;
|
||||||
import org.apache.hadoop.hbase.client.ConnectionFactory;
|
import org.apache.hadoop.hbase.client.ConnectionFactory;
|
||||||
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
|
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
|
||||||
|
import org.apache.hadoop.hbase.client.Admin;
|
||||||
import org.apache.hadoop.hbase.client.Table;
|
import org.apache.hadoop.hbase.client.Table;
|
||||||
|
import org.apache.hadoop.hbase.coprocessor.BaseMasterObserver;
|
||||||
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
||||||
|
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
|
||||||
|
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
|
||||||
import org.apache.hadoop.hbase.io.hfile.HFile;
|
import org.apache.hadoop.hbase.io.hfile.HFile;
|
||||||
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
|
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
|
||||||
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
|
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
|
||||||
|
@ -61,14 +69,15 @@ import com.google.protobuf.ServiceException;
|
||||||
* Utility methods for testing security
|
* Utility methods for testing security
|
||||||
*/
|
*/
|
||||||
public class SecureTestUtil {
|
public class SecureTestUtil {
|
||||||
|
|
||||||
private static final Log LOG = LogFactory.getLog(SecureTestUtil.class);
|
private static final Log LOG = LogFactory.getLog(SecureTestUtil.class);
|
||||||
private static final int WAIT_TIME = 10000;
|
private static final int WAIT_TIME = 10000;
|
||||||
|
|
||||||
public static void enableSecurity(Configuration conf) throws IOException {
|
public static void enableSecurity(Configuration conf) throws IOException {
|
||||||
conf.set("hadoop.security.authorization", "false");
|
conf.set("hadoop.security.authorization", "false");
|
||||||
conf.set("hadoop.security.authentication", "simple");
|
conf.set("hadoop.security.authentication", "simple");
|
||||||
conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
|
conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
|
||||||
|
"," + MasterSyncObserver.class.getName());
|
||||||
conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
|
conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName() +
|
||||||
"," + SecureBulkLoadEndpoint.class.getName());
|
"," + SecureBulkLoadEndpoint.class.getName());
|
||||||
conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
|
conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName());
|
||||||
|
@ -584,4 +593,69 @@ public class SecureTestUtil {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class MasterSyncObserver extends BaseMasterObserver {
|
||||||
|
volatile CountDownLatch tableCreationLatch = null;
|
||||||
|
volatile CountDownLatch tableDeletionLatch = null;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void postCreateTableHandler(
|
||||||
|
final ObserverContext<MasterCoprocessorEnvironment> ctx,
|
||||||
|
HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
|
||||||
|
// the AccessController test, some times calls only and directly the postCreateTableHandler()
|
||||||
|
if (tableCreationLatch != null) {
|
||||||
|
tableCreationLatch.countDown();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void postDeleteTableHandler(
|
||||||
|
final ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)
|
||||||
|
throws IOException {
|
||||||
|
// the AccessController test, some times calls only and directly the postDeleteTableHandler()
|
||||||
|
if (tableDeletionLatch != null) {
|
||||||
|
tableDeletionLatch.countDown();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void createTable(HBaseTestingUtility testUtil, HTableDescriptor htd)
|
||||||
|
throws Exception {
|
||||||
|
createTable(testUtil, testUtil.getHBaseAdmin(), htd);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void createTable(HBaseTestingUtility testUtil, Admin admin, HTableDescriptor htd)
|
||||||
|
throws Exception {
|
||||||
|
// NOTE: We need a latch because admin is not sync,
|
||||||
|
// so the postOp coprocessor method may be called after the admin operation returned.
|
||||||
|
MasterSyncObserver observer = (MasterSyncObserver)testUtil.getHBaseCluster().getMaster()
|
||||||
|
.getMasterCoprocessorHost().findCoprocessor(MasterSyncObserver.class.getName());
|
||||||
|
observer.tableCreationLatch = new CountDownLatch(1);
|
||||||
|
admin.createTable(htd);
|
||||||
|
observer.tableCreationLatch.await();
|
||||||
|
observer.tableCreationLatch = null;
|
||||||
|
testUtil.waitUntilAllRegionsAssigned(htd.getTableName());
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void deleteTable(HBaseTestingUtility testUtil, TableName tableName)
|
||||||
|
throws Exception {
|
||||||
|
deleteTable(testUtil, testUtil.getHBaseAdmin(), tableName);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void deleteTable(HBaseTestingUtility testUtil, Admin admin, TableName tableName)
|
||||||
|
throws Exception {
|
||||||
|
// NOTE: We need a latch because admin is not sync,
|
||||||
|
// so the postOp coprocessor method may be called after the admin operation returned.
|
||||||
|
MasterSyncObserver observer = (MasterSyncObserver)testUtil.getHBaseCluster().getMaster()
|
||||||
|
.getMasterCoprocessorHost().findCoprocessor(MasterSyncObserver.class.getName());
|
||||||
|
observer.tableDeletionLatch = new CountDownLatch(1);
|
||||||
|
try {
|
||||||
|
admin.disableTable(tableName);
|
||||||
|
} catch (TableNotEnabledException e) {
|
||||||
|
LOG.debug("Table: " + tableName + " already disabled, so just deleting it.");
|
||||||
|
}
|
||||||
|
admin.deleteTable(tableName);
|
||||||
|
observer.tableDeletionLatch.await();
|
||||||
|
observer.tableDeletionLatch = null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -173,11 +173,6 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
public static void setupBeforeClass() throws Exception {
|
public static void setupBeforeClass() throws Exception {
|
||||||
// setup configuration
|
// setup configuration
|
||||||
conf = TEST_UTIL.getConfiguration();
|
conf = TEST_UTIL.getConfiguration();
|
||||||
conf.set("hbase.master.hfilecleaner.plugins",
|
|
||||||
"org.apache.hadoop.hbase.master.cleaner.HFileLinkCleaner," +
|
|
||||||
"org.apache.hadoop.hbase.master.snapshot.SnapshotHFileCleaner");
|
|
||||||
conf.set("hbase.master.logcleaner.plugins",
|
|
||||||
"org.apache.hadoop.hbase.master.snapshot.SnapshotLogCleaner");
|
|
||||||
// Enable security
|
// Enable security
|
||||||
enableSecurity(conf);
|
enableSecurity(conf);
|
||||||
// In this particular test case, we can't use SecureBulkLoadEndpoint because its doAs will fail
|
// In this particular test case, we can't use SecureBulkLoadEndpoint because its doAs will fail
|
||||||
|
@ -277,7 +272,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
public void tearDown() throws Exception {
|
public void tearDown() throws Exception {
|
||||||
// Clean the _acl_ table
|
// Clean the _acl_ table
|
||||||
try {
|
try {
|
||||||
TEST_UTIL.deleteTable(TEST_TABLE.getTableName());
|
deleteTable(TEST_UTIL, TEST_TABLE.getTableName());
|
||||||
} catch (TableNotFoundException ex) {
|
} catch (TableNotFoundException ex) {
|
||||||
// Test deleted the table, no problem
|
// Test deleted the table, no problem
|
||||||
LOG.info("Test deleted table " + TEST_TABLE.getTableName());
|
LOG.info("Test deleted table " + TEST_TABLE.getTableName());
|
||||||
|
@ -1063,14 +1058,12 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
// create table
|
// create table
|
||||||
Admin admin = TEST_UTIL.getHBaseAdmin();
|
Admin admin = TEST_UTIL.getHBaseAdmin();
|
||||||
if (admin.tableExists(tableName)) {
|
if (admin.tableExists(tableName)) {
|
||||||
admin.disableTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
admin.deleteTable(tableName);
|
|
||||||
}
|
}
|
||||||
HTableDescriptor htd = new HTableDescriptor(tableName);
|
HTableDescriptor htd = new HTableDescriptor(tableName);
|
||||||
htd.addFamily(new HColumnDescriptor(family1));
|
htd.addFamily(new HColumnDescriptor(family1));
|
||||||
htd.addFamily(new HColumnDescriptor(family2));
|
htd.addFamily(new HColumnDescriptor(family2));
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
|
|
||||||
|
|
||||||
// create temp users
|
// create temp users
|
||||||
User tblUser = User
|
User tblUser = User
|
||||||
|
@ -1319,8 +1312,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
|
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
|
||||||
|
|
||||||
// delete table
|
// delete table
|
||||||
admin.disableTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
admin.deleteTable(tableName);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> perms) {
|
private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> perms) {
|
||||||
|
@ -1338,14 +1330,12 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
// create table
|
// create table
|
||||||
Admin admin = TEST_UTIL.getHBaseAdmin();
|
Admin admin = TEST_UTIL.getHBaseAdmin();
|
||||||
if (admin.tableExists(tableName)) {
|
if (admin.tableExists(tableName)) {
|
||||||
admin.disableTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
admin.deleteTable(tableName);
|
|
||||||
}
|
}
|
||||||
HTableDescriptor htd = new HTableDescriptor(tableName);
|
HTableDescriptor htd = new HTableDescriptor(tableName);
|
||||||
htd.addFamily(new HColumnDescriptor(family1));
|
htd.addFamily(new HColumnDescriptor(family1));
|
||||||
htd.addFamily(new HColumnDescriptor(family2));
|
htd.addFamily(new HColumnDescriptor(family2));
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
|
|
||||||
|
|
||||||
// create temp users
|
// create temp users
|
||||||
User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
|
User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
|
||||||
|
@ -1438,8 +1428,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
verifyDenied(user, deleteQualifierAction);
|
verifyDenied(user, deleteQualifierAction);
|
||||||
|
|
||||||
// delete table
|
// delete table
|
||||||
admin.disableTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
admin.deleteTable(tableName);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -1453,15 +1442,13 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
// create table
|
// create table
|
||||||
Admin admin = TEST_UTIL.getHBaseAdmin();
|
Admin admin = TEST_UTIL.getHBaseAdmin();
|
||||||
if (admin.tableExists(tableName)) {
|
if (admin.tableExists(tableName)) {
|
||||||
admin.disableTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
admin.deleteTable(tableName);
|
|
||||||
}
|
}
|
||||||
HTableDescriptor htd = new HTableDescriptor(tableName);
|
HTableDescriptor htd = new HTableDescriptor(tableName);
|
||||||
htd.addFamily(new HColumnDescriptor(family1));
|
htd.addFamily(new HColumnDescriptor(family1));
|
||||||
htd.addFamily(new HColumnDescriptor(family2));
|
htd.addFamily(new HColumnDescriptor(family2));
|
||||||
htd.setOwner(USER_OWNER);
|
htd.setOwner(USER_OWNER);
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
|
|
||||||
|
|
||||||
List<UserPermission> perms;
|
List<UserPermission> perms;
|
||||||
|
|
||||||
|
@ -1572,7 +1559,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
hasFoundUserPermission(newOwnerperm, perms));
|
hasFoundUserPermission(newOwnerperm, perms));
|
||||||
|
|
||||||
// delete table
|
// delete table
|
||||||
admin.deleteTable(tableName);
|
deleteTable(TEST_UTIL, tableName);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -1934,8 +1921,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
final Admin admin = TEST_UTIL.getHBaseAdmin();
|
final Admin admin = TEST_UTIL.getHBaseAdmin();
|
||||||
HTableDescriptor htd = new HTableDescriptor(TEST_TABLE2);
|
HTableDescriptor htd = new HTableDescriptor(TEST_TABLE2);
|
||||||
htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
|
htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(TEST_TABLE2);
|
|
||||||
|
|
||||||
// Starting a new RegionServer.
|
// Starting a new RegionServer.
|
||||||
JVMClusterUtil.RegionServerThread newRsThread = hbaseCluster
|
JVMClusterUtil.RegionServerThread newRsThread = hbaseCluster
|
||||||
|
@ -2074,8 +2060,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
Connection unmanagedConnection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
|
Connection unmanagedConnection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
|
||||||
Admin admin = unmanagedConnection.getAdmin();
|
Admin admin = unmanagedConnection.getAdmin();
|
||||||
try {
|
try {
|
||||||
admin.disableTable(TEST_TABLE.getTableName());
|
deleteTable(TEST_UTIL, admin, TEST_TABLE.getTableName());
|
||||||
admin.deleteTable(TEST_TABLE.getTableName());
|
|
||||||
} finally {
|
} finally {
|
||||||
admin.close();
|
admin.close();
|
||||||
unmanagedConnection.close();
|
unmanagedConnection.close();
|
||||||
|
@ -2439,8 +2424,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
Admin admin = TEST_UTIL.getHBaseAdmin();
|
Admin admin = TEST_UTIL.getHBaseAdmin();
|
||||||
HTableDescriptor htd = new HTableDescriptor(table1);
|
HTableDescriptor htd = new HTableDescriptor(table1);
|
||||||
htd.addFamily(new HColumnDescriptor(family));
|
htd.addFamily(new HColumnDescriptor(family));
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(table1);
|
|
||||||
|
|
||||||
// creating the ns and table in it
|
// creating the ns and table in it
|
||||||
String ns = "testNamespace";
|
String ns = "testNamespace";
|
||||||
|
@ -2449,8 +2433,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
|
TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
|
||||||
htd = new HTableDescriptor(table2);
|
htd = new HTableDescriptor(table2);
|
||||||
htd.addFamily(new HColumnDescriptor(family));
|
htd.addFamily(new HColumnDescriptor(family));
|
||||||
admin.createTable(htd);
|
createTable(TEST_UTIL, htd);
|
||||||
TEST_UTIL.waitUntilAllRegionsAssigned(table2);
|
|
||||||
|
|
||||||
// Verify that we can read sys-tables
|
// Verify that we can read sys-tables
|
||||||
String aclTableName = AccessControlLists.ACL_TABLE_NAME.getNameAsString();
|
String aclTableName = AccessControlLists.ACL_TABLE_NAME.getNameAsString();
|
||||||
|
@ -2473,8 +2456,8 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
ns + TableName.NAMESPACE_DELIM + tableName)).size());
|
ns + TableName.NAMESPACE_DELIM + tableName)).size());
|
||||||
assertEquals(0, testRegexHandler.runAs(getPrivilegedAction("notMatchingAny")).size());
|
assertEquals(0, testRegexHandler.runAs(getPrivilegedAction("notMatchingAny")).size());
|
||||||
|
|
||||||
TEST_UTIL.deleteTable(table1);
|
deleteTable(TEST_UTIL, table1);
|
||||||
TEST_UTIL.deleteTable(table2);
|
deleteTable(TEST_UTIL, table2);
|
||||||
TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(ns);
|
TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(ns);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -91,13 +91,13 @@ public class TestAccessController2 extends SecureTestUtil {
|
||||||
try (Connection connection =
|
try (Connection connection =
|
||||||
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration(), testUser)) {
|
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration(), testUser)) {
|
||||||
try (Admin admin = connection.getAdmin()) {
|
try (Admin admin = connection.getAdmin()) {
|
||||||
admin.createTable(desc);
|
createTable(TEST_UTIL, admin, desc);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}, testUser);
|
}, testUser);
|
||||||
TEST_UTIL.waitTableEnabled(TEST_TABLE.getTableName());
|
TEST_UTIL.waitTableAvailable(TEST_TABLE.getTableName());
|
||||||
// Verify that owner permissions have been granted to the test user on the
|
// Verify that owner permissions have been granted to the test user on the
|
||||||
// table just created
|
// table just created
|
||||||
List<TablePermission> perms =
|
List<TablePermission> perms =
|
||||||
|
|
Loading…
Reference in New Issue